<?
require_once("header.misc.php");

function addNewPage($name,$script) {
	connectToDB();
	$exists=mysql_query("SELECT * FROM `page` WHERE page.page_name='" . mysql_real_escape_string($_POST['name']) . "' AND page.page_script='" . mysql_real_escape_string($_POST['script']) . "'");
	if(mysql_num_rows($exists)!=0) {
		return false;
	}
	$query="INSERT INTO page (`page_name`,`page_script`) VALUES ('" . mysql_real_escape_string($name) . "','" . mysql_real_escape_string($script) . "')";
	mysql_query($query);
	$pageid=mysql_insert_id();
	mysql_query("INSERT INTO page_access (`page_id`,`access_id`) VALUES ('" . $pageid . "','1')");
	return true;
}

function deleteGroup($id) {
	connectToDB();
	if(!isSystemGroup($id)) {
		if(groupExistsId($id)) {
			mysql_query("DELETE FROM `people_group` WHERE `people_group_id`='" . mysql_real_escape_string($id) . "' LIMIT 1");
			if(mysql_affected_rows()==1) {
				return true;
			}
		}
	}
	return false;
}

function newGroup() {
	connectToDB();
	mysql_query("INSERT INTO `people_group` (`people_group_name`) VALUES ('New Group')");
	return mysql_insert_id();
}

function mkNewUser($firstname,$lastname) {
	connectToDB();
	$username=mysql_real_escape_string($firstname[0] . $lastname);
	$user = mysql_query("SELECT * FROM `people` WHERE `people_username`='" . $username . "'");
	$i=1;
	while(mysql_num_rows($user)!=0) {
		$username=mysql_real_escape_string($firstname[0] . $lastname . $i);
		$user = mysql_query("SELECT * FROM `people` WHERE `people_username`='" . $username . "'");
		$i++;
	}
	mysql_query("INSERT INTO `people` (`people_firstname`,`people_lastname`,`people_username`,`people_password`) VALUES ('" . mysql_real_escape_string($firstname) . "','" . mysql_real_escape_string($lastname) . "','" . strtolower($username) . "',sha1('" . strtolower($username) . "'))");
	$id=mysql_insert_id();
	if(!$id) {
		echo mysql_error();
	}
	return $id;
}

function newAdvisory($name) {
	connectToDB();
	mysql_query("INSERT INTO `advisory` (`advisory_name`) VALUES ('" . mysql_real_escape_string($name) . "')");
	return mysql_insert_id();
}